Exemplo n.º 1
 /// <summary>
 /// Produces a certificate from the supplied generator and an explicit extension set.
 /// </summary>
 /// <remarks>
 /// Only the extensions passed in <paramref name="ext"/> end up in the certificate.
 /// A <c>SysV1CertGen</c> is used as such; every other generator is cast to <c>SysV3CertGen</c>,
 /// so an unexpected generator type fails with an <see cref="System.InvalidCastException"/>
 /// instead of being used.
 /// NOTE(review): if <paramref name="ext"/> is copied from a certification request it is
 /// requester-controlled - confirm the caller has vetted it before the certificate is signed.
 /// </remarks>
 /// <param name="gen">Certificate generator instance (<c>SysV1CertGen</c> or <c>SysV3CertGen</c>)</param>
 /// <param name="ext">Extensions to include in the certificate</param>
 /// <returns>New certificate</returns>
 protected override X509Certificate generate(ICertGen gen, X509Extensions ext)
 {
     // cspParam is forwarded unchanged; presumably it identifies the CSP-held signing key - TODO confirm.
     SysV1CertGen v1Gen = gen as SysV1CertGen;
     if (v1Gen != null)
     {
         return v1Gen.Generate(cspParam, ext);
     }

     // Hard cast on purpose: anything that is not a V3 generator is rejected here.
     SysV3CertGen v3Gen = (SysV3CertGen)gen;
     return v3Gen.Generate(cspParam, ext);
 }
Exemplo n.º 2
 /// <summary>
 /// Produces a certificate from the supplied generator, driven by a profile and a validity window.
 /// </summary>
 /// <remarks>
 /// A <c>SysV1CertGen</c> is used as such; every other generator is cast to <c>SysV3CertGen</c>,
 /// so an unexpected generator type fails with an <see cref="System.InvalidCastException"/>.
 /// The validity dates are forwarded exactly as received; no range or ordering check is done here.
 /// </remarks>
 /// <param name="gen">The generator (<c>SysV1CertGen</c> or <c>SysV3CertGen</c>).</param>
 /// <param name="profile">The profile handed to the generator.</param>
 /// <param name="notBefore">Start of the requested validity period.</param>
 /// <param name="notAfter">End of the requested validity period.</param>
 /// <returns>The certificate returned by the generator.</returns>
 protected override X509Certificate generate(ICertGen gen, Profile.Profile profile, DateTime notBefore, DateTime notAfter)
 {
     // cspParam is forwarded unchanged; presumably it identifies the CSP-held signing key - TODO confirm.
     SysV1CertGen v1Gen = gen as SysV1CertGen;
     if (v1Gen != null)
     {
         return v1Gen.Generate(cspParam, profile, notBefore, notAfter);
     }

     // Hard cast on purpose: anything that is not a V3 generator is rejected here.
     SysV3CertGen v3Gen = (SysV3CertGen)gen;
     return v3Gen.Generate(cspParam, profile, notBefore, notAfter);
 }
Exemplo n.º 3
 /// <summary>
 /// Produces a certificate from a <c>SysV3CertGen</c> generator.
 /// </summary>
 /// <remarks>
 /// All extensions in the request will be included in the certificate.
 /// NOTE(review): that makes the extension set requester-controlled (for example BasicConstraints
 /// or KeyUsage); no filtering is visible in this method, so confirm it happens before this call.
 /// </remarks>
 /// <param name="gen">Certificate generator instance; must be a <c>SysV3CertGen</c></param>
 /// <returns>New certificate</returns>
 protected override X509Certificate generate(ICertGen gen)
 {
     // Any other generator type is rejected by the cast (InvalidCastException).
     SysV3CertGen v3Gen = (SysV3CertGen)gen;
     return v3Gen.Generate(cspParam);
 }
Exemplo n.º 4
 /// <summary>
 /// Produces a certificate carrying the supplied extensions, using an <c>IbcCertGen</c> generator.
 /// </summary>
 /// <remarks>
 /// The generator is called with the <c>privateKey</c> field of this class
 /// (presumably the CA signing key - TODO confirm).
 /// </remarks>
 /// <param name="gen">The generator; must implement <c>IbcCertGen</c>.</param>
 /// <param name="ext">The extensions passed to the generator.</param>
 /// <returns>The certificate returned by the generator.</returns>
 protected virtual X509Certificate generate(ICertGen gen, X509Extensions ext)
 {
     // A generator that is not an IbcCertGen is rejected by the cast (InvalidCastException).
     IbcCertGen bcGen = (IbcCertGen)gen;
     return bcGen.Generate(privateKey, ext);
 }
Exemplo n.º 5
 /// <summary>
 /// Produces a certificate using an <c>IbcCertGen</c> generator and no further arguments.
 /// </summary>
 /// <remarks>
 /// The generator is called with the <c>privateKey</c> field of this class
 /// (presumably the CA signing key - TODO confirm).
 /// </remarks>
 /// <param name="gen">The generator; must implement <c>IbcCertGen</c>.</param>
 /// <returns>The certificate returned by the generator.</returns>
 protected virtual X509Certificate generate(ICertGen gen)
 {
     // A generator that is not an IbcCertGen is rejected by the cast (InvalidCastException).
     IbcCertGen bcGen = (IbcCertGen)gen;
     return bcGen.Generate(privateKey);
 }
Exemplo n.º 6
 /// <summary>
 /// Produces a certificate from a profile and a validity window, using an <c>IbcCertGen</c> generator.
 /// </summary>
 /// <remarks>
 /// The generator is called with the <c>privateKey</c> field of this class
 /// (presumably the CA signing key - TODO confirm). The validity dates are forwarded as received;
 /// no range or ordering check is done here.
 /// </remarks>
 /// <param name="gen">The generator; must implement <c>IbcCertGen</c>.</param>
 /// <param name="profile">The profile handed to the generator.</param>
 /// <param name="notBefore">Start of the requested validity period.</param>
 /// <param name="notAfter">End of the requested validity period.</param>
 /// <returns>The certificate returned by the generator.</returns>
 protected virtual X509Certificate generate(ICertGen gen, Profile.Profile profile, DateTime notBefore, DateTime notAfter)
 {
     // A generator that is not an IbcCertGen is rejected by the cast (InvalidCastException).
     IbcCertGen bcGen = (IbcCertGen)gen;
     return bcGen.Generate(privateKey, profile, notBefore, notAfter);
 }
Exemplo n.º 7
 /// <summary>
 /// Produces a certificate from a profile and a validity window, using a <c>BcV3CertGen</c> generator.
 /// </summary>
 /// <remarks>
 /// The generator is called with the <c>privateKey</c> field of this class
 /// (presumably the CA signing key - TODO confirm). The validity dates are forwarded as received;
 /// no range or ordering check is done here.
 /// </remarks>
 /// <param name="gen">The generator; must be a <c>BcV3CertGen</c>.</param>
 /// <param name="profile">The profile handed to the generator.</param>
 /// <param name="notBefore">Start of the requested validity period.</param>
 /// <param name="notAfter">End of the requested validity period.</param>
 /// <returns>The certificate returned by the generator.</returns>
 protected override X509Certificate generate(ICertGen gen, Profile.Profile profile, DateTime notBefore, DateTime notAfter)
 {
     // A generator of any other type is rejected by the cast (InvalidCastException).
     BcV3CertGen v3Gen = (BcV3CertGen)gen;
     return v3Gen.Generate(privateKey, profile, notBefore, notAfter);
 }
Exemplo n.º 8
 /// <summary>
 /// Produces a certificate carrying the supplied extensions, using a <c>BcV3CertGen</c> generator.
 /// </summary>
 /// <remarks>
 /// The generator is called with the <c>privateKey</c> field of this class
 /// (presumably the CA signing key - TODO confirm).
 /// NOTE(review): if <paramref name="ext"/> is copied from a certification request it is
 /// requester-controlled - confirm the caller has vetted it before the certificate is signed.
 /// </remarks>
 /// <param name="gen">The generator; must be a <c>BcV3CertGen</c>.</param>
 /// <param name="ext">The extensions passed to the generator.</param>
 /// <returns>The certificate returned by the generator.</returns>
 protected override X509Certificate generate(ICertGen gen, X509Extensions ext)
 {
     // A generator of any other type is rejected by the cast (InvalidCastException).
     BcV3CertGen v3Gen = (BcV3CertGen)gen;
     return v3Gen.Generate(privateKey, ext);
 }
Exemplo n.º 9
 /// <summary>
 /// Produces a certificate using a <c>BcV3CertGen</c> generator and no further arguments.
 /// </summary>
 /// <remarks>
 /// The generator is called with the <c>privateKey</c> field of this class
 /// (presumably the CA signing key - TODO confirm).
 /// </remarks>
 /// <param name="gen">The generator; must be a <c>BcV3CertGen</c>.</param>
 /// <returns>The certificate returned by the generator.</returns>
 protected override X509Certificate generate(ICertGen gen)
 {
     // A generator of any other type is rejected by the cast (InvalidCastException).
     BcV3CertGen v3Gen = (BcV3CertGen)gen;
     return v3Gen.Generate(privateKey);
 }
Exemplo n.º 10
 /// <summary>
 /// Extension-based generation entry point of a CA that issues V1 certificates only.
 /// </summary>
 /// <param name="gen">Certificate generator instance (not used)</param>
 /// <param name="ext">Extensions to include in the certificate (not used)</param>
 /// <returns>
 /// Never returns normally
 /// </returns>
 /// <exception cref="System.NotSupportedException">This CA does not support X.509v3 extensions</exception>
 /// <remarks>
 /// Always throws an exception - this CA uses V1 certificates. The refusal is unconditional,
 /// so a request carrying extensions is rejected rather than issued with the extensions dropped.
 /// </remarks>
 protected override X509Certificate generate(ICertGen gen, X509Extensions ext)
 {
     // Fail closed: nothing is ever issued from this overload.
     NotSupportedException unsupported = new NotSupportedException("This CA does not support X.509v3 extensions");
     throw unsupported;
 }
Exemplo n.º 11
        /// <summary>
        /// Issues the certificate: builds it from a PKCS#10 request, has the derived class
        /// generate it, records it in the CA database and logs the addition.
        /// </summary>
        /// <remarks>
        /// Subject DN, public key and (for V3) SubjectAltName are taken from the request.
        /// With a profile, all other request attributes are ignored; without one, the request's
        /// extensions are handed to generate() as they are.
        /// NOTE(review): this method performs no naming-policy or extension-policy check itself;
        /// confirm that the request has been vetted before it reaches this point.
        /// </remarks>
        /// <param name="request">The request.</param>
        /// <param name="profile">The profile, or null to take the extensions from the request</param>
        /// <param name="notBefore">The not before.</param>
        /// <param name="notAfter">The not after.</param>
        /// <returns>
        /// Certificate
        /// </returns>
        /// <exception cref="System.ArgumentException">Invalid signature algorithm in request</exception>
        /// <exception cref="System.ArgumentOutOfRangeException">Invalid lifetime units in ValidityPeriod</exception>
        private X509Certificate issueCertificate(Pkcs10CertificationRequest request, Profile.Profile profile, DateTime notBefore, DateTime notAfter)
        {
            X509Certificate newCert;
            string          profileName = "";

            // Parse the request
            // NOTE(review): the meaning of the second argument is not visible here; confirm that the
            // request's self-signature (proof of possession) is verified by the parser or by the caller.
            Pkcs10Parser p10 = new Pkcs10Parser(request, false);

            // Check that correct sig algorithm has been used
            DerObjectIdentifier sigAlgOid = X509Utilities.GetAlgorithmOid(signatureAlgorithm);

            if (!p10.SignatureAlgorithm.Equals(sigAlgOid))
            {
                logEvent(LogEvent.EventType.Error, "Invalid signature algorithm in request: " + p10.SignatureAlgorithm.ToString());
                // NOTE(review): ArgumentException's second constructor argument is the parameter name;
                // here it carries the offending algorithm identifier instead.
                throw new ArgumentException("Invalid signature algorithm in request", p10.SignatureAlgorithm.ToString());
            }

            // Get the derived class to specify the cert generator
            ICertGen certGen = getCertificateGenerator();

            // Setup the certificate
            // The serial number is requested only after the algorithm check above has passed.
            certGen.SetSerialNumber(nextCertSerial());
            certGen.SetIssuerDN(caCertificate.SubjectDN);
            // Subject and public key come straight from the request.
            certGen.SetSubjectDN(p10.Subject);
            certGen.SetPublicKey(p10.PublicKey);
            certGen.SetSignatureAlgorithm(signatureAlgorithm);
            if (certGen.GetVersion() == X509ver.V3)
            {
                // Key identifiers: authority from the CA certificate's key, subject from the request's key; both non-critical.
                ((V3CertGen)certGen).AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCertificate.GetPublicKey()));
                ((V3CertGen)certGen).AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(p10.PublicKey));
            }

            // Add further extensions either from profile or request attributes
            // If a profile is specified ignore all attributes apart from SubjAltName
            if (profile != null)
            {
                // Add in SubjAltName if there is one (there won't be for a V1 certificate)
                // Both the names and their criticality flag are copied from the request.
                if ((p10.SubjectAltNames != null) && (certGen.GetVersion() == X509ver.V3))
                {
                    bool critical = p10.IsCritical(X509Extensions.SubjectAlternativeName);
                    ((V3CertGen)certGen).AddExtension(X509Extensions.SubjectAlternativeName, critical, p10.SubjectAltNames);
                }

                // Capture the profile name for database
                profileName = profile.Name;

                // cut the cert - derived class determines what happens using generate()
                // The validity dates are passed on as received (no UTC conversion on this path).
                newCert = generate(certGen, profile, notBefore, notAfter);
            }
            else    // No profile
            {
                // Set the validity period
                certGen.SetNotBefore(notBefore.ToUniversalTime());
                certGen.SetNotAfter(notAfter.ToUniversalTime());

                // Do what it says in the request - derived class determines what happens using generate()
                // NOTE(review): the request's extensions are passed through unfiltered, so the requester
                // chooses them (e.g. BasicConstraints, KeyUsage); presumably vetted upstream - verify.
                newCert = generate(certGen, p10.Extensions);
            }

            // Add certificate to the CA DB
            // profileName stays "" when no profile was used.
            Database.AddCertificate(newCert, request.GetDerEncoded(), profileName, dbFileLocation, caCertificate, cspParam);
            logEvent(LogEvent.EventType.DBAddCert, "DB: Certificate added: " + newCert.SerialNumber.ToString());

            return(newCert);
        }
Exemplo n.º 12
 /// <summary>
 /// Generates the certificate from a prepared generator and an explicit set of extensions.
 /// Abstract: each derived class supplies the implementation.
 /// </summary>
 /// <param name="gen">The generator.</param>
 /// <param name="ext">The extensions.</param>
 /// <returns>The generated certificate.</returns>
 protected abstract X509Certificate generate(ICertGen gen, X509Extensions ext);
Exemplo n.º 13
 /// <summary>
 /// Generates the certificate from a prepared generator alone.
 /// Abstract: each derived class supplies the implementation.
 /// </summary>
 /// <param name="gen">The generator.</param>
 /// <returns>The generated certificate.</returns>
 protected abstract X509Certificate generate(ICertGen gen);
Exemplo n.º 14
 /// <summary>
 /// Generates the certificate from a prepared generator, a profile and a validity window.
 /// Abstract: each derived class supplies the implementation.
 /// </summary>
 /// <param name="gen">The generator.</param>
 /// <param name="profile">The profile.</param>
 /// <param name="notBefore">The not before.</param>
 /// <param name="notAfter">The not after.</param>
 /// <returns>The generated certificate.</returns>
 protected abstract X509Certificate generate(ICertGen gen, Profile.Profile profile, DateTime notBefore, DateTime notAfter);